Government data security consultation

The Government has been conducting a data security review, run by Dame Fiona Caldicott, the National Data Guardian for Health and Care. A report has now been produced with ten proposed standards:

  1. All staff ensure that personal confidential data is handled, stored and transmitted securely, whether in electronic or paper form. Personal confidential data is only shared for lawful and appropriate purposes.
  2. All staff understand their responsibilities under the National Data Guardian’s Data Security Standards including their obligation to handle information responsibly and their personal accountability for deliberate or avoidable breaches.
  3. All staff complete appropriate annual data security training and pass a mandatory test, provided through the revised Information Governance Toolkit.
  4. Personal confidential data is only accessible to staff who need it for their current role and access is removed as soon as it is no longer required. All access to personal confidential data on IT systems can be attributed to individuals.
  5. Processes are reviewed at least annually to identify and improve processes which have caused breaches or near misses, or which force staff to use workarounds which compromise data security.
  6. Cyber-attacks against services are identified and resisted and CareCERT security advice is responded to. Action is taken immediately following a data breach or a near miss, with a report made to senior management within 12 hours of detection.
  7. A continuity plan is in place to respond to threats to data security, including significant data breaches or near misses, and it is tested once a year as a minimum, with a report to senior management.
  8. No unsupported operating systems, software or internet browsers are used within the IT estate.
  9. A strategy is in place for protecting IT systems from cyber threats which is based on a proven cyber security framework such as Cyber Essentials. This is reviewed at least annually.
  10. Suppliers are held accountable via contracts for protecting the personal confidential data they process and meeting the National Data Guardian’s Data Security Standard.

The Government are seeking feedback on the proposed ten standards via an online survey, which is open until 7 September 2016.

Last updated : 19 Jul 2016
 

NHS 73rd anniversary video (20 Jul 2021)

The health service has accomplished a lot, especially in the past year. We have made this video to recognise the momentous efforts made by GPs, practice staff and others working...
Read more »

Tips of the Month July 2021 (20 Jul 2021)

We provide weekly tips based on common queries which come through to us from London GPs and practice teams. These are shared via social media and collated for...
Read more »

GP Data for Planning and Research suspended until tests met (20 Jul 2021)

On 19 July NHS Digital announced it is setting three tests for the data collection associated with the GP Data for Planning and Research project (GPDfPR).These tests are: The...
Read more »

Reminder: Londonwide LMCs mask wearing poster for practices (19 Jul 2021)

Reminder: Londonwide LMCs mask wearing poster for practices Practices can download and...
Read more »

Covid-19 response update (16 Jul 2021)

In the last two weeks guidance has been issued on core services and the vaccination enhanced service. NHS England letter of 19 July This letter sets out changes for...
Read more »

Face covering requirements in practices (16 Jul 2021)

NHS England confirmed on 15 July 2021 that Public Health England’s infection prevention and control (IPC) guidance still applies to patient-facing healthcare settings, ahead of the law around mask wearing...
Read more »

Mword Issue 85 - Dr Michelle Drage's latest update for GPs and practice teams (12 Jul 2021)

Read more »

Solicitors’ letters regarding ‘mask discrimination’ (12 Jul 2021)

We are aware that practices are being contacted by solicitors’ firms seeking damages for patients for “discrimination in relation to mask wearing and access to care”. The following advice may...
Read more »

UPDATE: Appointment mapping exercise deadline extended to 31 July 2021 (30 Jun 2021)

We have just learned that NHS England have extended the standardised GP appointment categories mapping exercise deadline until 31 July. This also means the first payments to PCNs move from...
Read more »

Mword Issue 84 - Dr Michelle Drage's latest update for GPs and practice teams (28 Jun 2021)

Read more »
Next Page »
« Previous Page